Gyan Doshi [Sun, 10 Jun 2018 14:48:10 +0000 (20:18 +0530)]
avformat: deprecate unused MP4A_LATM flag
A generic lavf flag for AAC LATM packetization for the RTP muxer was
added in ef409645f0 and then made inert 20 days later in 0832122880
when a private muxer option was added and the generic flag was no longer
read.
Marton Balint [Mon, 4 Jun 2018 08:02:46 +0000 (10:02 +0200)]
avdevice/decklink_dec: use a custom memory allocator
The default memory allocator is limited in the max number of frames available,
and therefore caused frame drops if the frames were not freed fast enough.
avcodec/h264_slice: Fix overflow in recovery_frame computation
Fixes: signed integer overflow: 15 + 2147483646 cannot be represented in type 'int'
Fixes: 8381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-6225533137321984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/h264_mc_template: Only prefetch motion if the list is used.
Fixes: index 59 out of bounds for type 'H264Ref [48]'
Fixes: 8232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5703295145345024
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: OOM
Fixes: 8178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XWD_fuzzer-4844793342459904
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 2146907204 + 26846088 cannot be represented in type 'int'
Fixes: 8105/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WAVPACK_fuzzer-6233036682166272
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Carl Eugen Hoyos [Sun, 10 Jun 2018 01:19:59 +0000 (03:19 +0200)]
lsws/rgb2rgb_template: Do not compile unneeded shuffle functions on big-endian.
Fixes the following warnings:
In file included from libswscale/rgb2rgb.c:128:0:
libswscale/rgb2rgb_template.c:346:13: warning: 'shuffle_bytes_3210_c' defined but not used
libswscale/rgb2rgb_template.c:346:13: warning: 'shuffle_bytes_3012_c' defined but not used
libswscale/rgb2rgb_template.c:346:13: warning: 'shuffle_bytes_1230_c' defined but not used
Jacob Trimble [Thu, 7 Jun 2018 17:29:33 +0000 (10:29 -0700)]
avformat/mov: Fix reading saio/saiz for clear content.
This validates that the common encryption saio/saiz atoms only appear
when the data is actually encrypted. This also ignores those atoms
in clear content.
Found by Chrome's ClusterFuzz: http://crbug.com/850389
Signed-off-by: Jacob Trimble <modmaker@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: signed integer overflow: 3 * 1006632960 cannot be represented in type 'int'
Fixes: 8278/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5692857166856192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/shorten: Fix undefined shift in fix_bitshift()
Fixes: left shift of negative value -9
Fixes: 8571/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5715966875926528
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/shorten: Fix a negative left shift in shorten_decode_frame()
Fixes: left shift of negative value -9057
Fixes: 8527/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5666853924896768
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Fixes: OOM
Fixes: 8195/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5179785826271232
The reference software appears to use longs for 32 bits and it uses int for nmeans,
hinting that the intended maximum size was not 32-bit.
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 8024/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5109204648984576
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
Fixes: signed integer overflow: 32768 + 2147450880 cannot be represented in type 'int'
Fixes: 7885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5298834394578944
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
Fixes: signed integer overflow: 1077952576 + 1077952576 cannot be represented in type 'int'
Fixes: 7712/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5056281753681920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Sasi Inguva [Tue, 29 May 2018 22:36:07 +0000 (15:36 -0700)]
lavf/mov.c: Set st->start_time for video streams explicitly.
If start_time is not set, ffmpeg takes the duration from the global
movie instead of the per stream duration.
Signed-off-by: Sasi Inguva <isasi@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Sasi Inguva [Thu, 29 Mar 2018 22:58:09 +0000 (15:58 -0700)]
lavf/mov.c: Fix timestamps to be strictly monotonic for video also.
We already do this for audio, but it should be done for video too.
If we don't, seeking back to the start of the file, for example, can
become quite broken, since the first N packets will have repeating
and nonmonotonic PTS, yet they need to be decoded even if they are
to be discarded.
Signed-off-by: Sasi Inguva <isasi@isasi.mtv.corp.google.com>
Signed-off-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Fixes: runtime error: signed integer overflow: -1440457022 - 785819492 cannot be represented in type 'int'
Fixes: 7700/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_OPUS_fuzzer-6595838684954624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
fftools/ffmpeg: fix for all forced key frames when 'copyts' is enabled
Forced key frames generation functionality was assuming the first PTS
value as zero, but, when 'copyts' is enabled, the first PTS can be any
big number. This was eventually forcing all the frames as key frames.
To resolve this issue, an update has been made to use the first input pts as
the reference pts.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Out-of-bounds reference pixel replication should take into account the frame
coding mode of the reference frame(s), not the frame coding mode of the
current frame.
avfilter/drawtext: present 'hms' formatted 'pts' in 24h format
HMS is formatted as HH:MM:SS.mmm, but the HH part is not limited to
24 hours. For example, the drawn text may look like this:
243029:20:30.342. To present the timestamp in a more readable and
user-friendly format, this patch provides an additional option
to limit the hour part to the range 0-23.
Note: Actually the above required format can be obtained with
the format options 'localtime' and 'gmtime', but the milliseconds part
is not supported in those formats.
avcodec/vp3: Fix end of bitstream check in unpack_superblocks()
Fixes: regression
Found-by: Frank Liberato <liberato@google.com>
Tested-by: Frank Liberato <liberato@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Jan Ekström [Sat, 2 Jun 2018 15:07:22 +0000 (18:07 +0300)]
lavfi/Makefile: move dnn_*.o under vf_srcnn
These files depend on libavformat, and the vf_srcnn filter
currently is the only thing utilizing these dnn_* files and
already happens to have a dependency on libavformat.
This fixes compilation in cases where libavformat is not a
dependency for libavfilter.
avcodec/idctdsp: Transmit studio_profile to init instead of using AVCodecContext profile
These 2 fields are not always the same; it is simpler to always use the same field
for detecting studio profile.
Fixes: null pointer dereference
Fixes: ffmpeg_crash_3.avi
Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Andrey Semashev [Wed, 23 May 2018 21:07:36 +0000 (00:07 +0300)]
lavfi/tests: Fix 16-bit vf_blend test to avoid memory not aligned to 2 bytes
Generic C implementation of vf_blend performs reads and writes of 16-bit
elements, which requires the buffers to be aligned to at least 2-byte
boundary.
Also, the change fixes a source buffer overrun caused by src_offset being
added to test handling of misaligned buffers.
Fixes: #7226
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
erankor [Tue, 29 May 2018 13:18:05 +0000 (16:18 +0300)]
qt-faststart - stricter input validations
1. validate the moov size before checking for cmov atom
2. avoid performing arithmetic operations on unvalidated numbers
3. verify the stco/co64 offset count does not overflow the stco/co64
atom (not only the moov atom)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avcodec/qtrle: Do not output duplicated frames on insufficient input
This improves performance and makes qtrle behave more similarly to other decoders.
Libavcodec generally does not output known duplicated frames; instead the calling application
can insert them as it needs.
Fixes: Timeout
Fixes: 6383/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QTRLE_fuzzer-6199846902956032
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
avformat/movenc: creating producer reference time (PRFT) box
The producer reference time box supplies relative wall-clock times
at which movie fragments, or files containing movie fragments
(such as segments) were produced.
The box is mainly useful in live streaming use cases. A media player
can parse the box and utilize the time fields to measure and improve
the latency during real time playout.
avformat/utils: function to get the formatted ntp time
This utility function creates the 64-bit NTP time format as per RFC
5905.
A simple explanation of the 64-bit NTP time format is here:
http://www.beaglesoft.com/Manual/page53.htm
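The 64-bit NTP timestamp layout the commit refers to (RFC 5905: 32 bits of whole seconds since 1900-01-01, then 32 bits of fraction in units of 2^-32 s) packed and unpacked in C. This is an added illustration, not FFmpeg's own function; the input convention (a Unix-epoch time in microseconds) and the helper names are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>

/* Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01). */
#define NTP_UNIX_EPOCH_OFFSET 2208988800ULL

/* Pack a Unix-epoch time given in microseconds into the RFC 5905 64-bit
 * NTP timestamp format: high 32 bits = seconds since 1900, low 32 bits =
 * fraction of a second in 2^-32 s units. Added example, not FFmpeg code. */
uint64_t unix_us_to_ntp(uint64_t unix_time_us)
{
    uint64_t sec  = unix_time_us / 1000000 + NTP_UNIX_EPOCH_OFFSET;
    uint64_t usec = unix_time_us % 1000000;
    /* usec < 10^6 < 2^20, so usec << 32 < 2^52 and the product cannot
     * overflow a 64-bit unsigned value before the division. */
    uint64_t frac = (usec << 32) / 1000000;
    /* The seconds field wraps modulo 2^32 (the NTP "era" rollover in 2036);
     * shifting a uint64_t left by 32 discards the era bits on purpose. */
    return (sec << 32) | frac;
}

/* Split a packed timestamp back into its two fields. */
uint32_t ntp_seconds(uint64_t ntp)  { return (uint32_t)(ntp >> 32); }
uint32_t ntp_fraction(uint64_t ntp) { return (uint32_t)(ntp & 0xFFFFFFFFu); }

/* Convert the 2^-32 s fraction back to microseconds, rounded to nearest. */
uint32_t ntp_fraction_to_us(uint32_t frac)
{
    return (uint32_t)(((uint64_t)frac * 1000000 + (1ULL << 31)) >> 32);
}

int main(void)
{
    /* Constructed sample input: 1.5 s after the Unix epoch. */
    uint64_t ntp = unix_us_to_ntp(1500000);
    printf("ntp=0x%016llx seconds=%u fraction=0x%08x (%u us)\n",
           (unsigned long long)ntp, ntp_seconds(ntp), ntp_fraction(ntp),
           ntp_fraction_to_us(ntp_fraction(ntp)));
    return 0;
}
```

The fraction is scaled before dividing so that no precision is lost, and the round trip through ntp_fraction_to_us recovers the original microsecond value exactly for any input below one second.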
Jerome Borsboom [Mon, 28 May 2018 21:50:28 +0000 (23:50 +0200)]
avcodec/vc1: store zero MVs for all blocks in a MB
Direct prediction for interlace frame B pictures references the mv in the
second block in an MB in the backward reference frame for the twomv case.
When the backward reference frame is an I frame, this value may be unset.
Jerome Borsboom [Fri, 18 May 2018 15:06:23 +0000 (17:06 +0200)]
avcodec/vc1: fix mquant calculation for interlace field pictures
For interlace field pictures s->mb_height indicates the height of the full
picture in MBs, i.e. the two fields combined. A single field is half this
size. When calculating mquant for interlace field pictures, the bottom edge
is the last MB row of the field.
avcodec/allcodecs: Provide empty codec_list in allcodecs when ossfuzz is used
The last workaround is not sufficient to make oss fuzz work with the iterate API
as it did not provide a FFmpeg that external libs can be linked to.
This patch does not fully restore the pre iterate functionality. My attempts to
do this have so far failed.
The problem with this solution is that it renders the fuzzers virtual system
ffmpeg (libs) non functional. Which differs from a real system compared to the
virtual system tested by the fuzzer.
It should theoretically not matter as the system ffmpeg wouldn't be used.
But with more cases being fuzzed we likely will hit a case where an external
lib is involved and it does matter ...
Working around this may be possible with weak symbols but so far my attempts
failed.
Alternatively multiple ffmpeg could be built, this becomes messy though
quickly as they need to be all linked together. That is we need a FFmpeg
that has the iterate API modified so it can work with the resources
available to ossfuzz. And at the same time we need a ffmpeg that has
its full functionality for any external libs which use ffmpeg and are
used by ffmpeg.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Jan Ekström [Mon, 28 May 2018 00:21:35 +0000 (03:21 +0300)]
lavf/libssh: translate a read of 0 to EOF
Yet another case of forgotten 0 != EOF translation.
While the documentation for this specific synchronous read
function does not mention it, the documentation for
`sftp_async_read` documents it, as well as looking at the
implementation of this function leads one to find
`if (handle->eof) { return 0; }`.